1PUPPET-SSL(8)                    Puppet manual                   PUPPET-SSL(8)
2
3
4

NAME

6       puppet-ssl - Manage SSL keys and certificates for puppet SSL clients
7

SYNOPSIS

9       Manage SSL keys and certificates for SSL clients needing to communicate
10       with a puppet infrastructure.
11

USAGE

13       puppet ssl action [-h|--help] [-v|--verbose]  [-d|--debug]  [--localca]
14       [--target CERTNAME]
15

OPTIONS

17       •   --help: Print this help message.
18
19       •   --verbose: Print extra information.
20
21       •   --debug: Enable full debugging.
22
23       •   --localca Also clean the local CA certificate and CRL.
24
25       •   --target CERTNAME Clean the specified device certificate instead of
26           this host´s certificate.
27
28
29

ACTIONS

31       bootstrap
32              Perform all of the steps necessary to  request  and  download  a
33              client certificate. If autosigning is disabled, then puppet will
34              wait every waitforcert seconds for its certificate to be signed.
35              To  only attempt once and never wait, specify a time of 0. Since
36              waitforcert is a Puppet setting, it can be specified as  a  time
37              interval, such as 30s, 5m, 1h.
38
39       submit_request
40              Generate  a  certificate  signing request (CSR) and submit it to
41              the CA. If a private and public key  pair  already  exist,  they
42              will  be used to generate the CSR. Otherwise a new key pair will
43              be generated. If a CSR has already been submitted with the given
44              certname, then the operation will fail.
45
46       download_cert
47              Download a certificate for this host. If the current private key
48              matches the downloaded certificate, then the certificate will be
49              saved  and  used for subsequent requests. If there is already an
50              existing certificate, it will be overwritten.
51
52       verify Verify the private key and certificate are  present  and  match,
53              verify  the certificate is issued by a trusted CA, and check re‐
54              vocation status.
55
56       clean  Remove the private key and certificate related  files  for  this
57              host.  If  --localca  is specified, then also remove this host´s
58              local copy of the CA certificate(s) and CRL bundle. if  --target
59              CERTNAME  is  specified, then remove the files for the specified
60              device on this host instead of this host.
61
62       show   Print the full-text version of this host´s certificate.
63
64
65
66
67Puppet, Inc.                       May 2022                      PUPPET-SSL(8)
Impressum